nixos/applications/bitwarden/vaultwarden.nix

{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:
with lib; let
  name = "vaultwarden";
  cfg = config.services.skynet."${name}";

  domain_sub = "pw";
  domain = "${domain_sub}.skynet.ie";
in {
  imports = [
  ];

  options.services.skynet."${name}" = {
    enable = mkEnableOption "Skynet VaultWarden server";
  };

  config = mkIf cfg.enable {
    #backups = [ "/etc/silver_ul_ical/database.db" ];

    # Website config
    services.skynet.acme.domains = [
      domain
    ];

    services.skynet.dns.records = [
      {
        record = domain_sub;
        r_type = "CNAME";
        value = config.services.skynet.host.name;
      }
    ];

    services.nginx.virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        useACMEHost = "skynet";
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
        };
      };
    };

    # has ADMIN_TOKEN and SMTP_PASSWORD
    age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;

    services.vaultwarden = {
      enable = true;

      environmentFile = config.age.secrets.bitwarden_details.path;
      config = {
        DOMAIN = "https://${domain}";
        SENDS_ALLOWED = true;
        SIGNUPS_ALLOWED = false;

        INVITATION_ORG_NAME = "Skyhold";

        ORG_GROUPS_ENABLED = true;

        USE_SENDMAIL = false;

        SMTP_HOST = "mail.skynet.ie";
        SMTP_FROM = "vaultwarden@skynet.ie";
        SMTP_FROM_NAME = "Skynet Bitwarden server";
        SMTP_SECURITY = "starttls";
        SMTP_PORT = 587;

        SMTP_USERNAME = "vaultwarden@skynet.ie";
        SMTP_AUTH_MECHANISM = "Login";
        SMTP_EMBED_IMAGES = true;

        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;

        ROCKET_LOG = "critical";
      };
    };
  };
}
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`inputs,`
			`...`
			`}:`
			`with lib; let`
feat: standardise all services to using ``services.skynet."${name}";`` format 2024-05-30 13:59:20 +00:00			`name = "vaultwarden";`
			`cfg = config.services.skynet."${name}";`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00
			`domain_sub = "pw";`
			`domain = "${domain_sub}.skynet.ie";`
			`in {`
			`imports = [`
			`];`

feat: standardise all services to using ``services.skynet."${name}";`` format 2024-05-30 13:59:20 +00:00			`options.services.skynet."${name}" = {`
feat: simplified the config for running services, only one hosts config is required now in each server config file 2024-05-30 16:55:29 +00:00			`enable = mkEnableOption "Skynet VaultWarden server";`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`};`

			`config = mkIf cfg.enable {`
			`#backups = [ "/etc/silver_ul_ical/database.db" ];`

			`# Website config`
feat: standardise acme to using ``services.skynet."${name}";`` format 2024-05-30 12:34:59 +00:00			`services.skynet.acme.domains = [`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`domain`
			`];`

feat: standardise dns to using ``services.skynet."${name}";`` format 2024-05-30 12:25:52 +00:00			`services.skynet.dns.records = [`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`{`
			`record = domain_sub;`
			`r_type = "CNAME";`
feat: simplified the config for running services, only one hosts config is required now in each server config file 2024-05-30 16:55:29 +00:00			`value = config.services.skynet.host.name;`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`}`
			`];`

fix: redirect root IP's in nginx to skynet.ie 2024-01-31 15:43:18 +00:00			`services.nginx.virtualHosts = {`
			`"${domain}" = {`
			`forceSSL = true;`
			`useACMEHost = "skynet";`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";`
			`};`
feat: added bitwarden/vaultwarden support. 2023-11-07 13:38:59 +00:00			`};`
			`};`

			`# has ADMIN_TOKEN and SMTP_PASSWORD`
			`age.secrets.bitwarden_details.file = ../../secrets/bitwarden/details.age;`

			`services.vaultwarden = {`
			`enable = true;`

			`environmentFile = config.age.secrets.bitwarden_details.path;`
			`config = {`
			`DOMAIN = "https://${domain}";`
			`SENDS_ALLOWED = true;`
			`SIGNUPS_ALLOWED = false;`

			`INVITATION_ORG_NAME = "Skyhold";`

			`ORG_GROUPS_ENABLED = true;`

			`USE_SENDMAIL = false;`

			`SMTP_HOST = "mail.skynet.ie";`
			`SMTP_FROM = "vaultwarden@skynet.ie";`
			`SMTP_FROM_NAME = "Skynet Bitwarden server";`
			`SMTP_SECURITY = "starttls";`
			`SMTP_PORT = 587;`

			`SMTP_USERNAME = "vaultwarden@skynet.ie";`
			`SMTP_AUTH_MECHANISM = "Login";`
			`SMTP_EMBED_IMAGES = true;`

			`ROCKET_ADDRESS = "127.0.0.1";`
			`ROCKET_PORT = 8222;`

			`ROCKET_LOG = "critical";`
			`};`
			`};`
			`};`
			`}`